IT Partner

Building a future with Microsoft Cloud Technologies

Shadow IT Assessment Workshop (Remote)

category by product:
category by type:
  • Duration: 2 days;
  • Price: $1,900;

Shadow IT is a term that refers to applications and infrastructure that are managed and utilized without the knowledge of the enterprise’s IT department. The Shadow IT Assessment is a structured engagement helping customers discover Shadow IT. The assessment uses Microsoft Cloud App Security to evaluate usage of cloud applications and services from within an organization network.

  1. IT Partner is responsible for
  2. Client is responsible for
  3. Prerequisites
  4. Plan
  5. Results

Please note, we have an onsite form of the workshop

Our objective is to deliver the Shadow IT Assessment, including:

  • Good security principals cover people, process and technology solutions.
  • Improve the security posture when it comes to usage of cloud applications and services.
  • The Assessment is based on the discovery of usage of cloud applications and services

IT Partner is responsible for

  • Gain an understanding of customer’s cloud security objectives and requirements towards cloud usage and verify them against real usage of cloud applications and services
  • Provide guidance, recommendations and best practices on how to successfully use Microsoft Cloud App Security (CAS) to mitigate security threats that are associated with usage of cloud application and services
  • Provide a prioritized and actionable road-map for the customer containing proposed actions based on user impact and implementation cost
  • Map Microsoft CAS capabilities and partner services to assessment findings, taking into account customer’s security objectives and requirements

Client is responsible for

  • Information: This includes accurate, timely (within three business days or as mutually agreed upon), and complete information.
  • Access to people. This includes access to knowledgeable Customer personnel, including business user representatives, and access to funding if additional budget is needed to deliver project scope. Access to knowledgeable personnel who manage the firewalls, can provide credentials for log extraction, and can alter firewall rules if necessary.
  • Access to systems. This includes access to all necessary Customer work locations, networks, systems, and applications (remote and onsite)


  • Office 365 tenant and Microsoft Cloud App Security service. Either customer production Office 365 tenant with CAS (through E5 license) or trial Office 365 tenant and CAS trial (for up to 30 day).
  • Access to logs from customer firewalls or proxies.
  • Log Collector should be configured and ready to work More info .


The Shadow IT Assessment typically consists of an up to a two-hour remote kick-off meeting followed by remote assessment workshops.


  • Introduction to the engagement: objectives, flow, responsibilities and governance.
  • Provide and explain pre-assessment questionnaire to the customer.

Webinar 1 – Education & Setup

  • Review of a questionnaire (should be ready by the time of the webinar) in order to get mutual understanding, especially over customer’s cloud usage and associated security objectives and requirements.
  • Provide education and readiness on Microsoft Cloud App Security.

Webinar 2 – Exploration & Discovery

  • Review of the CAS report(s) with the customer.
  • Exploration of specific use cases of cloud usage in the portal.
  • Creation of final report from engagement highlighting discovered cases of Shadow IT (usage of unapproved cloud applications or services).
  • Creation of Cloud Usage Visibility and Control road-map.

Webinar 3 – Review & Road-map

  • Presentation and discussion of final report from engagement highlighting discovered cases of Shadow IT (usage of unapproved cloud applications or services).
  • Review of Cloud Usage Visibility and Control road-map.


  • Kick-off Presentation (work product), an overview of the engagement covering vision and objectives, requirements and next steps.
  • Pre-Assessment Questionnaire (work product), a questionnaire containing questions on cloud usage/adoption, security requirements, and objectives, regulations, and frameworks.
  • Shadow IT Discovery Report (deliverable), a document containing a list of discovered possible Shadow IT usage, and recommendations for further investigation of these.
  • Cloud Usage Visibility and Control Road-map, a prioritized, actionable road-map for addressing discovered cloud usage, especially its Shadow IT aspect, including mapping capabilities of Cloud App Security in a customer environment.

Do you have questions? Want to discuss your project? Please schedule a call back.

Request a call back